diff options
| author | Ilya Etingof <etingof@gmail.com> | 2019-08-06 22:56:33 +0200 |
|---|---|---|
| committer | Ilya Etingof <etingof@gmail.com> | 2019-08-10 20:32:57 +0200 |
| commit | 85633698a89f0eb3b12f70d6e52a40a571eedf4c (patch) | |
| tree | 690ca19cf372671974127115feba65c71d5978c2 /pysnmp/proto/mpmod | |
| parent | d7fa0f0c3bf3241b7f8610a1ca47b0c47dd72877 (diff) | |
| download | pysnmp-git-85633698a89f0eb3b12f70d6e52a40a571eedf4c.tar.gz | |
Move SNMP engine discovery code to security module
This SNMP engine ID discovery procedure is spread across message
processing and security modules. This is weird!
Anyway, this change moves SNMP message rewriting, associated with
starting out SNMP discovery sequence, to security module. The
motivation is to let security module making the ultimate decision
whether or not SNMP engine discovery is required.
For example, if localized keys are committed directly to the DB,
security module may just use them without engine discovery phase.
Diffstat (limited to 'pysnmp/proto/mpmod')
| -rw-r--r-- | pysnmp/proto/mpmod/rfc3412.py | 29 |
1 files changed, 3 insertions, 26 deletions
diff --git a/pysnmp/proto/mpmod/rfc3412.py b/pysnmp/proto/mpmod/rfc3412.py index 20852db6..2062bf0e 100644 --- a/pysnmp/proto/mpmod/rfc3412.py +++ b/pysnmp/proto/mpmod/rfc3412.py @@ -234,33 +234,10 @@ class SnmpV3MessageProcessingModel(AbstractMessageProcessingModel): else: if peerSnmpEngineData is None: - # Force engineID discovery (rfc3414, 4) - securityEngineId = securityName = self._emptyStr - securityLevel = 1 - - # Clear possible auth&priv flags - headerData.setComponentByPosition( - 2, self._msgFlags[msgFlags & 0xfc], verifyConstraints=False, - matchTags=False, matchConstraints=False) - - # XXX - scopedPDU = self._scopedPDU - scopedPDU.setComponentByPosition( - 0, self._emptyStr, verifyConstraints=False, matchTags=False, - matchConstraints=False) - scopedPDU.setComponentByPosition(1, contextName) - scopedPDU.setComponentByPosition(2) - - # Use dead-empty PDU for engine-discovery report - emptyPdu = pdu.clone() - pMod.apiPDU.setDefaults(emptyPdu) - - scopedPDU.getComponentByPosition(2).setComponentByType( - emptyPdu.tagSet, emptyPdu, verifyConstraints=False, - matchTags=False, matchConstraints=False) - debug.logger & debug.FLAG_MP and debug.logger( - 'prepareOutgoingMessage: force engineID discovery') + 'prepareOutgoingMessage: peer SNMP engine is not known') + + securityEngineId = None else: securityEngineId = peerSnmpEngineData['securityEngineId'] |